USB drives spread malware to power plants

Tools

Two power plants in the United States were infected with malware last year, and in both cases it was spread by USB drives, reports Dan Goodin at Ars Technica. The drives had been inserted in equipment control systems at the facilities, according to a report by the U.S. Industrial Control Systems Cyber Emergency Response Team.

At one of the facilities, the malware was discovered when an employee called the plant's IT pros after having problems with a USB drive, according to the report.

When the drive was plugged into a computer running a current antivirus program, it flagged the malware. At the other facility, 10 computers in a turbine control system were brought down by the malware riding on a USB drive. According to the report, the "plant restart" was delayed for about three weeks.

As Goodin notes, USB drives have been a big problem for industrial control systems around the world. The infamous Stuxnet work and Flame malware both depended on the drives.

For more:
- see Dan Goodin's article at Ars Technica

Related Articles:
Researchers expose security holes in SCADA systems
Consultant: Companies running critical infrastructure take months to patch holes

Filed Under